<?php

session_start(); 
require_once '../include/common.inc.php';

$page_title = 'TABLA';

$alert_message = "Please enter your username and password to login. ";

if ((isset($_GET['action']) && $_GET['action'] == 'logout') || (isset($_POST['action']) && $_POST['action'] == 'logout')) {
    Cookie('AdminUser','',0);
    //$alert_message = "<font color=red>Logout success. </font>";
    echo "<script>alert('Logout success.');location.href='index.php'</script>";
    //header("Location: index.php");
    exit;
} elseif(isset($_POST['admin_pwd']) && isset($_POST['admin_name']) && !empty($_POST['admin_pwd']) && !empty($_POST['admin_name'])){

	$postValidCode = $_POST["validCode"];
	$sessionValidCode = $_SESSION["loginauthcode"];
	if($postValidCode != $sessionValidCode)
	{
		$alert_message = "<font color=red>Invalid validcode! Please try again.</font>";
	}
	else
	{
		$rs = $db->get_one("SELECT password FROM user_profile WHERE username='" . $_POST['admin_name'] . "' and `type` = 10");
		if(md5($_POST['admin_pwd']) == $rs['password']){
			$sql = "UPDATE `user_profile` SET `lastlogin` = `currlogin`, `currlogin` = '$timestamp' WHERE username='" . $_POST['admin_name'] . "' and `type` = 10";
			$db->query($sql);
			$AdminUser	= StrCode( $timestamp."\t".$_POST['admin_name']."\t".md5( PwdCode( md5($_POST['admin_pwd']) ).$timestamp));
			Cookie('AdminUser',$AdminUser);
					
			$AdminUser2 = $_COOKIE['AdminUser'];
			header("Location: main.php");
			exit;
		} else {
			$alert_message = "<font color=red>Invalid username or password! Please try again.</font>";
		}
	}
	/*
	//ʱ
	if($_POST['admin_name']=="admin"&&$_POST['admin_pwd']=="webshop"){
		Cookie('AdminUser',$_POST['admin_name']);
        header("Location: main.php");
        exit;
	}else {
        $alert_message = "<font color=red>Invalid username or password! Please try again.</font>";
    }
	*/
} elseif(GetCookie('AdminUser')) {
    header("Location: main.php");
    exit;
} elseif (isset($_POST['action']) && $_POST['action'] == 'login') {
    $alert_message = "<font color=red>Please enter your username and password to login. </font>";
}


require_once PrintEot('a_index');

?>